End-of-Day report
Timeframe: Wednesday 31-07-2019 18:00 - Thursday 01-08-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
Brand-New SystemBC Proxy Malware Spotted Using SOCKS5 for Stealth
The proxy is being distributed by the RIG and Fallout exploit kits.
https://threatpost.com/systembc-proxy-malware-socks5-stealth/146879/
Unpatched Flaws in IoT Smart Deadbolt Open Homes to Danger
Researchers are warning that unpatched flaws found in the Hickory Smart Bluetooth Enabled Deadbolt allow an attacker with access to a victim's phone to break into their house.
https://threatpost.com/unpatched-flaws-in-iot-smart-deadbolt-open-homes-to-danger/146871/
Google Chrome: Security update with 43 security fixes released
Google has published an update for the recently released Chrome version 76. Some of the fixed vulnerabilities are rated "High" in severity.
https://heise.de/-4485571
No summer break for Magecart as web skimming intensifies
Despite the heat, criminals are hard at work stealing credit card data from unaware shoppers. July marks a notable increase in web skimmer attacks over previous months.
https://blog.malwarebytes.com/web-threats/2019/08/no-summer-break-for-magecart-as-web-skimming-intensifies/
Vulnerabilities
Apache Subversion svnserve vulnerabilities
The recent releases of Apache Subversion 1.12.2, 1.10.6 and 1.9.12 contain fixes for two security issues, CVE-2018-11782 and CVE-2019-0203. These issues affect Subversion svnserve servers. We encourage server operators to upgrade to the latest appropriate version as soon as reasonable.
https://seclists.org/oss-sec/2019/q3/105
Security updates for Thursday
Security updates have been issued by CentOS (httpd, libssh2, and qemu-kvm), Debian (glib2.0, squirrelmail, subversion, and wpa), Fedora (proftpd), Oracle (icedtea-web), Red Hat (icedtea-web), Scientific Linux (icedtea-web), SUSE (icedtea-web, java-1_7_0-openjdk, subversion, and zypper, libzypp and libsolv), and Ubuntu (linux-hwe, openjdk-lts, pango1.0, python-django, and subversion).
https://lwn.net/Articles/795082/
Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo
IBM Security Bulletin: Remote Execution Vulnerability Affects Red Hat Linux Used By IBM WebSphere Application Server in IBM Cloud (CVE-2019-12735)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-remote-execution-vulnerability-affects-red-hat-linux-used-by-ibm-websphere-application-server-in-ibm-cloud-cve-2019-12735/
IBM Security Bulletin: Vulnerability in IBM Java SDK (April 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5, and V5.0.4
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-java-sdk-april-2019-affecting-ibm-application-delivery-intelligence-for-ibm-z-v5-1-0-v5-0-5-and-v5-0-4/
IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console in IBM Cloud (CVE-2019-4269)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure-in-websphere-application-server-admin-console-in-ibm-cloud-cve-2019-4269/
IBM Security Bulletin: IBM Jazz for Service Management could allow an unauthorized local user to create unique catalog names that could cause a denial of service (CVE-2019-4275)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-jazz-for-service-management-could-allow-an-unauthorized-local-user-to-create-unique-catalog-names-that-could-cause-a-denial-of-service-cve-2019-4275/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1890, CVE-2018-12547)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-for-enterprise-resource-planning-cve-2018-1890-cve-2018-12547/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot on AIX and Linux (CVE-2018-1890, CVE-2018-12547) Security Bulletin
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-snapshot-on-aix-and-linux-cve-2018-1890-cve-2018-12547-security-bulletin/
IBM Security Bulletin: Password disclosure via application trace affects IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1987)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-via-application-trace-affects-ibm-spectrum-protect-for-enterprise-resource-planning-cve-2018-1987/
IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-corporate-payment-services-for-multi-platform-v2-1-1-is-affected-by-a-potential-cross-site-scripting-xss-vulnerability-cve-2018-15494/
IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-ach-services-is-affected-by-a-potential-cross-site-scripting-xss-vulnerability-cve-2018-15494/
IcedTea-Web: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K19-0679
Symantec Endpoint Protection: Vulnerability allows privilege escalation
http://www.cert-bund.de/advisoryshort/CB-K19-0681